ThreatX - Blog

Web security is not a new concept. From the dawn of the Internet, cyber criminals have been experimenting with and mastering ways to exploit the data housed within online properties. And as businesses increasingly transition online, the volume of attacks has skyrocketed. According to a recent study,* the number of new vulnerabilities per month exceeded 17,000 in 2018. That’s nearly a 23% increase from 2017. From 10-person startups to thousand-person enterprises, cyber threats are an equally legitimate concern (or at least they should be). Arm yourself with the tools you need to protect your business from malicious attacks (automated or not). The first step is familiarizing yourself with the keywords/terms used most frequently in the application security space.

The following post details, alphabetical order, the first 10 keywords:

Cyber security has never been more important than it is today. The "Internet-era" has ushered in faster and more exciting ways of conducting business, along with a myriad of new challenges for security teams. In an attempt to cover a growing number of bases, businesses are allocating larger share of their budgets to security tools and talent. To add to the complexity of this dilemma, the sheer number of cyber security tools is increasing and it can be difficult for organizations to sort through and effectively asses all of those providers. To help C-Level Execs and security teams with this task, CIO Applications recruited a panel of experienced cyber security professionals to compile a list of cyber security solution providers that exhibit innovative technologies and strategies. ThreatX is now proud to announce its inclusion on 2019's "Top 25 Cyber Security Companies."

Application security is undergoing a broad transformation - from the way applications are architected, developed, and deployed to the ever-evolving diversity and scale of the threats they face. Driving this transformation is the growing complexity of application portfolios, which are providing more engaging experiences for customers but are also housing increasingly more data. Often, this is accomplished through Application Programming Interfaces (APIs), which can be both external-facing, as well as connected on back-end systems. In addition, applications are becoming more modular or are broken into microservices.

As a result, legacy, rules-based web application firewalls (WAFs) like F5 and Imperva Incapsula are not equipped to keep pace with today's dynamic application and threat environments. These tools are increasingly unable to keep up with sophisticated, high-impact threats. Security teams need the right tools and strategies built for these new realities. Enter, the next-gen WAF.

APIs have become a strategic necessity for conducting business due to the agility, innovation, and automation they enable. While 90% of the business reaps the benefits of this technology, the security teams are often exposed to a slew of new challenges that can’t be solved by long-standing security tools and strategies. In fact, according to Gartner¹, by 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications. We are partnering with the team at SC Magazine to address this phenomenon in an upcoming webinar.

Before joining ThreatX, Jeremiah Cruit was no stranger to Web Application Firewalls. As a seasoned CISO with 20+ years in the industry, he tried dozens of WAF solutions along the way. And with each solution, his faith in the effectiveness and usability of WAFs dwindled. So how did he end up at a WAF company? IDG Connect explored this and more about his past in the following interview. 

It's hard to believe, but the New Year is nearly upon us. 2018 was a busy year for cybersecurity, between regulatory changes and massive data breaches. Security teams were faced with obstacles that had never before been encountered and were forced to adapt. And while the year is coming to a close, the challenges are far from over. With new vulnerabilities arising from IoT-enabled innovations, an increase in sophisticated attacks due to bots leveraging AI, and the potential for a catastrophic breach in an established sector like utilities, 2019 is shaping up to be a challenging year on the cybersecurity front.

It seems that nearly every week, another IoT related security story is in the news. While most of the coverage still focuses on the hardware, organizations often forget the cloud infrastructure that connects the differing threads of IoT devices. These portals are a mega culprit in the complicated and risky security landscape. They are a modern day hacker's keys to your kingdom.

Over the past few years, web and application development has undergone a considerable change. Not only is application development and integration dominated by web and mobile-enabled solutions, but technologies like APIs and microservices are also breaking into the scene. 

While these recent advancements have increased connectivity and productivity, they have complicated application security for many organizations. From botnets to targeted attacks, web applications are the target and successful source for a growing number of malicious threats - nearly 10% growth YoY^*.